Aktuelle Version vom 11. Mai 2026, 13:44 Uhr

Variablen

ct state new iif $WANDEV udp dport $VPNPORT accept

ct state new iif $VPNDEV oif $SERVERDEV ip saddr $VPN ip daddr $SERVER accept

ct state new iif $VPNDEV oif $DMZDEV ip saddr $VPN ip daddr $DMZ accept

@@ Zeile 1: / Zeile 1: @@
 = Variablen =
-*wandev = enp0s3
+*WANDEV = enp0s3
-*serverdev = enp0s10
+*SERVERDEV = enp0s10
-*dmzdev = enp9s9
+*DMZDEV = enp0s8
-*vpndev = tun0
+*SERVER = 10.2XX.1.0/24
-*vpnport = 1194
-*server = 172.16.2xx.0/24
-*dmz = 10.88.2xx.0/24
-*vpn = 172.20.2xx.0/24
+*DMZ = 10.88.2XX.0/24
+*VPNDEV = tun0
+*VPNPORT = 1194
+*VPN = 172.20.2XX.0/24
 {{#drawio:ipt-openvpn}}
 = Vorausgesetztes Connection Tracking =
 ; Verschlüsselter Verkehr – OpenVPN UDP (input Kette)
-  ct state new iif $wandev udp dport $vpnport accept
+  ct state new iif $WANDEV udp dport $VPNPORT accept
 ; VPN → SERVER: Pakete aus dem Tunnel ins interne Netz (forward Kette)
-  ct state new iif $vpndev oif $serverdev ip saddr $vpn ip daddr $server ct state new accept
+  ct state new iif $VPNDEV oif $SERVERDEV ip saddr $VPN ip daddr $SERVER accept
 ; VPN → DMZ: Pakete aus dem Tunnel ins interne Netz (forward Kette)
-  ct state new iif $vpndev oif $dmzdev ip saddr $vpn ip daddr $dmz ct state new accept
+  ct state new iif $VPNDEV oif $DMZDEV ip saddr $VPN ip daddr $DMZ accept